gitea/modules/git/repo_archive.go

// Copyright 2015 The Gogs Authors. All rights reserved.
// Copyright 2020 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT

package git

import (
	"context"
	"fmt"
	"io"
	"path/filepath"
	"strings"
)

// ArchiveType archive types
type ArchiveType int

const (
	// ZIP zip archive type
	ZIP ArchiveType = iota + 1
	// TARGZ tar gz archive type
	TARGZ
	// BUNDLE bundle archive type
	BUNDLE
)

// String converts an ArchiveType to string
func (a ArchiveType) String() string {
	switch a {
	case ZIP:
		return "zip"
	case TARGZ:
		return "tar.gz"
	case BUNDLE:
		return "bundle"
	}
	return "unknown"
}

func ToArchiveType(s string) ArchiveType {
	switch s {
	case "zip":
		return ZIP
	case "tar.gz":
		return TARGZ
	case "bundle":
		return BUNDLE
	}
	return 0
}

// CreateArchive create archive content to the target path
func (repo *Repository) CreateArchive(ctx context.Context, format ArchiveType, target io.Writer, usePrefix bool, commitID string) error {
	if format.String() == "unknown" {
		return fmt.Errorf("unknown format: %v", format)
	}

	cmd := NewCommand(ctx, "archive")
	if usePrefix {
		cmd.AddOptionFormat("--prefix=%s", filepath.Base(strings.TrimSuffix(repo.Path, ".git"))+"/")
	}
	cmd.AddOptionFormat("--format=%s", format.String())
	cmd.AddDynamicArguments(commitID)

	var stderr strings.Builder
	err := cmd.Run(&RunOpts{
		Dir:    repo.Path,
		Stdout: target,
		Stderr: &stderr,
	})
	if err != nil {
		return ConcatenateError(err, stderr.String())
	}
	return nil
}
Added all required dependencies 2016-11-03 23:16:01 +01:00			`// Copyright 2015 The Gogs Authors. All rights reserved.`
Make archive prefixing configurable with a global setting (#9943) * Allow archive prefix setting * Update copyright * Update copyright 2020-01-23 00:46:46 +01:00			`// Copyright 2020 The Gitea Authors. All rights reserved.`
Implement FSFE REUSE for golang files (#21840) Change all license headers to comply with REUSE specification. Fix #16132 Co-authored-by: flynnnnnnnnnn <flynnnnnnnnnn@github> Co-authored-by: John Olheiser <john.olheiser@gmail.com> 2022-11-27 19:20:29 +01:00			`// SPDX-License-Identifier: MIT`
Added all required dependencies 2016-11-03 23:16:01 +01:00
			`package git`

			`import (`
Set context for running CreateArchive in to that of the request (#12555) Set the context for CreateArchive to that of the request to ensure that archives are only built for as long as a request is requesting them Fix #11551 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Lauris BH <lauris@nix.lv> 2020-08-28 08:55:12 +02:00			`"context"`
Added all required dependencies 2016-11-03 23:16:01 +01:00			`"fmt"`
Rework repository archive (#14723) * Use storage to store archive files * Fix backend lint * Add archiver table on database * Finish archive download * Fix test * Add database migrations * Add status for archiver * Fix lint * Add queue * Add doctor to check and delete old archives * Improve archive queue * Fix tests * improve archive storage * Delete repo archives * Add missing fixture * fix fixture * Fix fixture * Fix test * Fix archiver cleaning * Fix bug * Add docs for repository archive storage * remove repo-archive configuration * Fix test * Fix test * Fix lint Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: techknowlogick <techknowlogick@gitea.io> 2021-06-23 23:12:38 +02:00			`"io"`
Added all required dependencies 2016-11-03 23:16:01 +01:00			`"path/filepath"`
			`"strings"`
			`)`

update code.gitea.io/git (#450) 2016-12-22 10:30:52 +01:00			`// ArchiveType archive types`
Added all required dependencies 2016-11-03 23:16:01 +01:00			`type ArchiveType int`

			`const (`
update code.gitea.io/git (#450) 2016-12-22 10:30:52 +01:00			`// ZIP zip archive type`
Added all required dependencies 2016-11-03 23:16:01 +01:00			`ZIP ArchiveType = iota + 1`
update code.gitea.io/git (#450) 2016-12-22 10:30:52 +01:00			`// TARGZ tar gz archive type`
Added all required dependencies 2016-11-03 23:16:01 +01:00			`TARGZ`
Add bundle download for repository (#14538) * Add bundle download Signed-off-by: jolheiser <john.olheiser@gmail.com> * Fix fmt Signed-off-by: jolheiser <john.olheiser@gmail.com> * Fix build tags Signed-off-by: jolheiser <john.olheiser@gmail.com> * Download specific commit Signed-off-by: jolheiser <john.olheiser@gmail.com> 2021-08-24 18:47:09 +02:00			`// BUNDLE bundle archive type`
			`BUNDLE`
Added all required dependencies 2016-11-03 23:16:01 +01:00			`)`

Make archive prefixing configurable with a global setting (#9943) * Allow archive prefix setting * Update copyright * Update copyright 2020-01-23 00:46:46 +01:00			`// String converts an ArchiveType to string`
			`func (a ArchiveType) String() string {`
			`switch a {`
Added all required dependencies 2016-11-03 23:16:01 +01:00			`case ZIP:`
Make archive prefixing configurable with a global setting (#9943) * Allow archive prefix setting * Update copyright * Update copyright 2020-01-23 00:46:46 +01:00			`return "zip"`
Added all required dependencies 2016-11-03 23:16:01 +01:00			`case TARGZ:`
Make archive prefixing configurable with a global setting (#9943) * Allow archive prefix setting * Update copyright * Update copyright 2020-01-23 00:46:46 +01:00			`return "tar.gz"`
Add bundle download for repository (#14538) * Add bundle download Signed-off-by: jolheiser <john.olheiser@gmail.com> * Fix fmt Signed-off-by: jolheiser <john.olheiser@gmail.com> * Fix build tags Signed-off-by: jolheiser <john.olheiser@gmail.com> * Download specific commit Signed-off-by: jolheiser <john.olheiser@gmail.com> 2021-08-24 18:47:09 +02:00			`case BUNDLE:`
			`return "bundle"`
Added all required dependencies 2016-11-03 23:16:01 +01:00			`}`
Make archive prefixing configurable with a global setting (#9943) * Allow archive prefix setting * Update copyright * Update copyright 2020-01-23 00:46:46 +01:00			`return "unknown"`
			`}`

Adjust gitea doctor --run storages to check all storage types (#21785) The doctor check `storages` currently only checks the attachment storage. This PR adds some basic garbage collection functionality for the other types of storage. Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> 2022-11-15 09:08:59 +01:00			`func ToArchiveType(s string) ArchiveType {`
			`switch s {`
			`case "zip":`
			`return ZIP`
			`case "tar.gz":`
			`return TARGZ`
			`case "bundle":`
			`return BUNDLE`
			`}`
			`return 0`
			`}`

Make archive prefixing configurable with a global setting (#9943) * Allow archive prefix setting * Update copyright * Update copyright 2020-01-23 00:46:46 +01:00			`// CreateArchive create archive content to the target path`
Rework repository archive (#14723) * Use storage to store archive files * Fix backend lint * Add archiver table on database * Finish archive download * Fix test * Add database migrations * Add status for archiver * Fix lint * Add queue * Add doctor to check and delete old archives * Improve archive queue * Fix tests * improve archive storage * Delete repo archives * Add missing fixture * fix fixture * Fix fixture * Fix test * Fix archiver cleaning * Fix bug * Add docs for repository archive storage * remove repo-archive configuration * Fix test * Fix test * Fix lint Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: techknowlogick <techknowlogick@gitea.io> 2021-06-23 23:12:38 +02:00			`func (repo *Repository) CreateArchive(ctx context.Context, format ArchiveType, target io.Writer, usePrefix bool, commitID string) error {`
			`if format.String() == "unknown" {`
			`return fmt.Errorf("unknown format: %v", format)`
Make archive prefixing configurable with a global setting (#9943) * Allow archive prefix setting * Update copyright * Update copyright 2020-01-23 00:46:46 +01:00			`}`

Refactor git command arguments and make all arguments to be safe to be used (#21535) Follow #21464 Make all git command arguments strictly safe. Most changes are one-to-one replacing, keep all existing logic. 2022-10-23 16:44:45 +02:00			`cmd := NewCommand(ctx, "archive")`
Rework repository archive (#14723) * Use storage to store archive files * Fix backend lint * Add archiver table on database * Finish archive download * Fix test * Add database migrations * Add status for archiver * Fix lint * Add queue * Add doctor to check and delete old archives * Improve archive queue * Fix tests * improve archive storage * Delete repo archives * Add missing fixture * fix fixture * Fix fixture * Fix test * Fix archiver cleaning * Fix bug * Add docs for repository archive storage * remove repo-archive configuration * Fix test * Fix test * Fix lint Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: techknowlogick <techknowlogick@gitea.io> 2021-06-23 23:12:38 +02:00			`if usePrefix {`
Refactor git command package to improve security and maintainability (#22678) This PR follows #21535 (and replace #22592) ## Review without space diff https://github.com/go-gitea/gitea/pull/22678/files?diff=split&w=1 ## Purpose of this PR 1. Make git module command completely safe (risky user inputs won't be passed as argument option anymore) 2. Avoid low-level mistakes like https://github.com/go-gitea/gitea/pull/22098#discussion_r1045234918 3. Remove deprecated and dirty `CmdArgCheck` function, hide the `CmdArg` type 4. Simplify code when using git command ## The main idea of this PR * Move the `git.CmdArg` to the `internal` package, then no other package except `git` could use it. Then developers could never do `AddArguments(git.CmdArg(userInput))` any more. * Introduce `git.ToTrustedCmdArgs`, it's for user-provided and already trusted arguments. It's only used in a few cases, for example: use git arguments from config file, help unit test with some arguments. * Introduce `AddOptionValues` and `AddOptionFormat`, they make code more clear and simple: * Before: `AddArguments("-m").AddDynamicArguments(message)` * After: `AddOptionValues("-m", message)` * - * Before: `AddArguments(git.CmdArg(fmt.Sprintf("--author='%s <%s>'", sig.Name, sig.Email)))` * After: `AddOptionFormat("--author='%s <%s>'", sig.Name, sig.Email)` ## FAQ ### Why these changes were not done in #21535 ? #21535 is mainly a search&replace, it did its best to not change too much logic. Making the framework better needs a lot of changes, so this separate PR is needed as the second step. ### The naming of `AddOptionXxx` According to git's manual, the `--xxx` part is called `option`. ### How can it guarantee that `internal.CmdArg` won't be not misused? Go's specification guarantees that. Trying to access other package's internal package causes compilation error. And, `golangci-lint` also denies the git/internal package. Only the `git/command.go` can use it carefully. ### There is still a `ToTrustedCmdArgs`, will it still allow developers to make mistakes and pass untrusted arguments? Generally speaking, no. Because when using `ToTrustedCmdArgs`, the code will be very complex (see the changes for examples). Then developers and reviewers can know that something might be unreasonable. ### Why there was a `CmdArgCheck` and why it's removed? At the moment of #21535, to reduce unnecessary changes, `CmdArgCheck` was introduced as a hacky patch. Now, almost all code could be written as `cmd := NewCommand(); cmd.AddXxx(...)`, then there is no need for `CmdArgCheck` anymore. ### Why many codes for `signArg == ""` is deleted? Because in the old code, `signArg` could never be empty string, it's either `-S[key-id]` or `--no-gpg-sign`. So the `signArg == ""` is just dead code. --------- Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> 2023-02-04 03:30:43 +01:00			`cmd.AddOptionFormat("--prefix=%s", filepath.Base(strings.TrimSuffix(repo.Path, ".git"))+"/")`
Make archive prefixing configurable with a global setting (#9943) * Allow archive prefix setting * Update copyright * Update copyright 2020-01-23 00:46:46 +01:00			`}`
Refactor git command package to improve security and maintainability (#22678) This PR follows #21535 (and replace #22592) ## Review without space diff https://github.com/go-gitea/gitea/pull/22678/files?diff=split&w=1 ## Purpose of this PR 1. Make git module command completely safe (risky user inputs won't be passed as argument option anymore) 2. Avoid low-level mistakes like https://github.com/go-gitea/gitea/pull/22098#discussion_r1045234918 3. Remove deprecated and dirty `CmdArgCheck` function, hide the `CmdArg` type 4. Simplify code when using git command ## The main idea of this PR * Move the `git.CmdArg` to the `internal` package, then no other package except `git` could use it. Then developers could never do `AddArguments(git.CmdArg(userInput))` any more. * Introduce `git.ToTrustedCmdArgs`, it's for user-provided and already trusted arguments. It's only used in a few cases, for example: use git arguments from config file, help unit test with some arguments. * Introduce `AddOptionValues` and `AddOptionFormat`, they make code more clear and simple: * Before: `AddArguments("-m").AddDynamicArguments(message)` * After: `AddOptionValues("-m", message)` * - * Before: `AddArguments(git.CmdArg(fmt.Sprintf("--author='%s <%s>'", sig.Name, sig.Email)))` * After: `AddOptionFormat("--author='%s <%s>'", sig.Name, sig.Email)` ## FAQ ### Why these changes were not done in #21535 ? #21535 is mainly a search&replace, it did its best to not change too much logic. Making the framework better needs a lot of changes, so this separate PR is needed as the second step. ### The naming of `AddOptionXxx` According to git's manual, the `--xxx` part is called `option`. ### How can it guarantee that `internal.CmdArg` won't be not misused? Go's specification guarantees that. Trying to access other package's internal package causes compilation error. And, `golangci-lint` also denies the git/internal package. Only the `git/command.go` can use it carefully. ### There is still a `ToTrustedCmdArgs`, will it still allow developers to make mistakes and pass untrusted arguments? Generally speaking, no. Because when using `ToTrustedCmdArgs`, the code will be very complex (see the changes for examples). Then developers and reviewers can know that something might be unreasonable. ### Why there was a `CmdArgCheck` and why it's removed? At the moment of #21535, to reduce unnecessary changes, `CmdArgCheck` was introduced as a hacky patch. Now, almost all code could be written as `cmd := NewCommand(); cmd.AddXxx(...)`, then there is no need for `CmdArgCheck` anymore. ### Why many codes for `signArg == ""` is deleted? Because in the old code, `signArg` could never be empty string, it's either `-S[key-id]` or `--no-gpg-sign`. So the `signArg == ""` is just dead code. --------- Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> 2023-02-04 03:30:43 +01:00			`cmd.AddOptionFormat("--format=%s", format.String())`
Refactor git command arguments and make all arguments to be safe to be used (#21535) Follow #21464 Make all git command arguments strictly safe. Most changes are one-to-one replacing, keep all existing logic. 2022-10-23 16:44:45 +02:00			`cmd.AddDynamicArguments(commitID)`
Added all required dependencies 2016-11-03 23:16:01 +01:00
Rework repository archive (#14723) * Use storage to store archive files * Fix backend lint * Add archiver table on database * Finish archive download * Fix test * Add database migrations * Add status for archiver * Fix lint * Add queue * Add doctor to check and delete old archives * Improve archive queue * Fix tests * improve archive storage * Delete repo archives * Add missing fixture * fix fixture * Fix fixture * Fix test * Fix archiver cleaning * Fix bug * Add docs for repository archive storage * remove repo-archive configuration * Fix test * Fix test * Fix lint Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: techknowlogick <techknowlogick@gitea.io> 2021-06-23 23:12:38 +02:00			`var stderr strings.Builder`
Refactor git command arguments and make all arguments to be safe to be used (#21535) Follow #21464 Make all git command arguments strictly safe. Most changes are one-to-one replacing, keep all existing logic. 2022-10-23 16:44:45 +02:00			`err := cmd.Run(&RunOpts{`
Remove `git.Command.Run` and `git.Command.RunInDir` (#19280) Follows #19266, #8553, Close #18553, now there are only three `Run..(&RunOpts{})` functions. before: `stdout, err := RunInDir(path)` * now: `stdout, _, err := RunStdString(&git.RunOpts{Dir:path})` 2022-04-01 04:55:30 +02:00			`Dir: repo.Path,`
			`Stdout: target,`
			`Stderr: &stderr,`
Change git.cmd to RunWithContext (#18693) Change all `cmd...Pipeline` commands to `cmd.RunWithContext`. #18553 Co-authored-by: Martin Scholz <martin.scholz@versasec.com> 2022-02-11 13:47:22 +01:00			`})`
Rework repository archive (#14723) * Use storage to store archive files * Fix backend lint * Add archiver table on database * Finish archive download * Fix test * Add database migrations * Add status for archiver * Fix lint * Add queue * Add doctor to check and delete old archives * Improve archive queue * Fix tests * improve archive storage * Delete repo archives * Add missing fixture * fix fixture * Fix fixture * Fix test * Fix archiver cleaning * Fix bug * Add docs for repository archive storage * remove repo-archive configuration * Fix test * Fix test * Fix lint Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: techknowlogick <techknowlogick@gitea.io> 2021-06-23 23:12:38 +02:00			`if err != nil {`
			`return ConcatenateError(err, stderr.String())`
			`}`
			`return nil`
Added all required dependencies 2016-11-03 23:16:01 +01:00			`}`